我试图将一些数据发布到 https URL,所以我使用了我在 http://developer.android.com/reference/javax/net/ssl/HttpsURLConnection.html 中找到的代码:
KeyStore keyStore = ...;
String algorithm = TrustManagerFactory.getDefaultAlgorithm();
TrustManagerFactory tmf =TrustManagerFactory.getInstance(algorithm);
tmf.init(keyStore);
SSLContext context = SSLContext.getInstance("TLS");
context.init(null, tmf.getTrustManagers(), null);
// Open a HTTP connection to the URL
conn = (HttpsURLConnection) url.openConnection();
conn.setSSLSocketFactory(context.getSocketFactory());
问题是,我遇到了这个异常:
Exception : java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found.
额外信息1: 我可以成功地发布到 https: 地址,而无需从我的笔记本电脑的终端做任何额外的事情,这是详细连接的打印输出:
== Info: Connected to cloud.someserver.com (127.0.0.1) port 443 (#0)
== Info: TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
== Info: Server certificate: cloud.someserver.com
== Info: Server certificate: StartCom Class 1 Primary Intermediate Server CA
== Info: Server certificate: StartCom Certification Authority
额外信息 2:这是我在执行“openssl s_client -connect cloud.myserver.com:80”时从控制台获得的打印输出:
连接(00000003) 77152:错误:140770FC:SSL例程:SSL23_GET_SERVER_HELLO:未知协议(protocol):/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_clnt.c:618: Joshs-MacBook-Pro:~ JoshDBS$ openssl s_client -connect cloud.myserver.com:8080 连接:连接被拒绝 连接:错误号=61 Joshs-MacBook-Pro:~ JoshDBS$ openssl s_client -connect cloud.myserver.com:81 连接:连接被拒绝 连接:错误号=61 Joshs-MacBook-Pro:~ JoshDBS$ openssl s_client -connect cloud.myserver.com:80
CONNECTED(00000003)
77155:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59/src/ssl/s23_clnt.c:618:
Joshs-MacBook-Pro:~ JoshDBS$ openssl s_client -connect cloud.myserver.com:443
CONNECTED(00000003)
depth=0 /C=ES/CN=cloud.myserver.com/emailAddress=postmaster@myserver.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=ES/CN=cloud.myserver.com/emailAddress=postmaster@myserver.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=ES/CN=cloud.myserver.com/emailAddress=postmaster@myserver.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=ES/CN=cloud.myserver.com/emailAddress=postmaster@myserver.com
i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGQTCCBSmgAwIBAgIHBcg1dAivUzANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UE
(Lots of alphanumeric characters here)
-----END CERTIFICATE-----
subject=/C=ES/CN=cloud.myserver.com/emailAddress=postmaster@myserver.com
issuer=/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
---
No client certificate CA names sent
---
SSL handshake has read 2304 bytes and written 328 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: B67EED30382BE22A81F86884646480E967662A1559CA791B1B4DA8F06EDC
Session-ID-ctx:
Master-Key: DE439EC4BEA0AA6E9B15836AD33DB46105D1A27544E0570E8EFF50D3BEF8F0725FC1A34343495D5ADAE192DD09838
Key-Arg : None
Start Time: 1450886131
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
---
closed
我需要为 keystore 分配什么值而不是那三个点 (...),我从哪里得到它?
如何使用 HttpsURLConnection 发布数据? (我已经可以发布到简单的 http: URL)
最佳答案
尝试以下操作:
String keyStoreType = KeyStore.getDefaultType();
KeyStore keyStore = KeyStore.getInstance(keyStoreType);
此外,您要访问哪个 URL?它可能不在 Android 的受信任证书的 DataStore 中,这意味着您必须自己做更多的工作才能将证书添加到 DataStore。
如果您仍然卡住,请告诉我,我们将进一步调试您的问题。
关于java - 如何使用 HttpsURLConnection 连接到 https URL,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/34438475/